Add "hit"/"miss" statistics for queries #2

Open
cudeso opened this issue Jul 16, 2021 · 2 comments
Labels
enhancement New feature or request

Comments

cudeso (Contributor) commented Jul 16, 2021

Track the queries that returned a hit or did not return a hit.
Track per hash and have a "namespace".

  • handy when importing sets from other sources
  • run over all files in a disk, track which files have been seen, which ones haven't been seen
  • per "dfir"-session
  • get statistics afterwards
  • option to query and reset statistics, per session
  • store on db side

adulau (Owner) commented Jul 16, 2021

Thanks a lot for the ideas.

  • For tracking queries, I'll add a table of hashes with hits and no hits. It will also add a pub-sub channel for it.

  • For the session, that's a clever idea. Something like Ubuntu Bionic default session and we could even save the set and make it available if other parties are interested.

adulau added the enhancement label Jul 16, 2021

adulau (Owner) commented Aug 13, 2021

  • Pub-sub functionality for hit-missed added in 31ac93e
  • Add a hit/miss zrank option to add statistics in 72b462b
  • Support statistics for bulk search too
  • Add new API endpoints to paginate over the statistics
  • Add a new option for session creation with TTL

adulau added a commit that referenced this issue Aug 14, 2021
A user can now create a session, assign lookup results to a session
and retrieve the lookup session results in one shot.

This partially implements the feature requested in issue #2 to support
DFIR sessions.

Thanks to Koen Van Impe for the idea.
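
A minimal in-memory model of the behaviour discussed in this thread (per-session hit/miss counts per hash, paginated statistics, reset, and a session TTL), added here as an illustration and not taken from the project's code. The class, method and session names are hypothetical, the sample files are constructed, and the dictionary stands in for the DB-side storage the thread asks for.

```python
import hashlib
import time
from collections import Counter

def sha1_hex(data):
    return hashlib.sha1(data).hexdigest()

class LookupSessions:
    """Hypothetical model of per-session hit/miss statistics for hash lookups."""

    def __init__(self, known_hashes, clock=time.monotonic):
        self.known = {h.upper() for h in known_hashes}  # normalise hex case
        self.clock = clock
        self.sessions = {}  # name -> {"expires", "hit": Counter, "miss": Counter}

    def create(self, name, ttl):
        self.sessions[name] = {"expires": self.clock() + ttl,
                               "hit": Counter(), "miss": Counter()}

    def _live(self, name):
        s = self.sessions.get(name)
        if s is None or self.clock() >= s["expires"]:
            self.sessions.pop(name, None)  # expired sessions are dropped
            raise KeyError(f"no live session {name!r}")
        return s

    def lookup(self, name, sha1):
        """Look up one hash and count the outcome inside the session."""
        sha1 = sha1.upper()
        outcome = "hit" if sha1 in self.known else "miss"
        self._live(name)[outcome][sha1] += 1
        return outcome

    def stats(self, name, outcome, offset=0, limit=10):
        """Page over (hash, count) pairs, most-queried first, ties by hash."""
        ranked = sorted(self._live(name)[outcome].items(),
                        key=lambda kv: (-kv[1], kv[0]))
        return ranked[offset:offset + limit]

    def reset(self, name):
        s = self._live(name)
        s["hit"].clear()
        s["miss"].clear()

def demo():
    # Constructed sample data standing in for files walked on a disk image.
    files = {"/bin/ls": b"known-ls", "/bin/sh": b"known-sh", "/tmp/x": b"dropper"}
    db = LookupSessions([sha1_hex(b"known-ls"), sha1_hex(b"known-sh")])
    db.create("case-001", ttl=3600)
    return db, {p: db.lookup("case-001", sha1_hex(d)) for p, d in files.items()}
```

After a disk walk, `stats(name, "miss")` lists the hashes that were not in the known set, and `reset` clears the counters without ending the session.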